Flawed browsers lead to most malware

Internet browsers are the most common way for hackers to deliver malware to unsuspecting users, a report released Monday found.

Over half of all malware results from an insecure web browser, according to a survey of 645 information technology companies by Ponemon, a research firm.


“The findings are evidence of the need for a more effective solution to stop Web-borne malware,” said the report, funded by Spikes Security.

Less than a third of respondents thought major browsers had “effective security tools for blocking web-borne malware,” according to the findings.

The results come as Google is taking additional steps to root out more bugs in its Chrome browser, which recently became the second-most popular browser behind Microsoft’s Internet Explorer.

The tech giant on Friday said it will start giving no-strings-attached grants to independent researchers to suss out flaws in its products, including Chrome.

The company will post the vulnerabilities it is looking to eradicate and will dole out up to $3,133.70 to researchers willing to take a shot at them.

Since 2010, Google has rewarded researchers if they discovered flaws in Google products and services. The company said it’s adding the new grant program because these vulnerabilities are increasingly difficult to find, after years of independent researchers and Google’s in-house team working on the issue.

“Of course, that's good news, but it can also be discouraging when researchers invest their time and struggle to find issues,” said Google security engineer Eduardo Vela Nava in a blog post.

Chrome has benefited from these rewards as much as, if not more than, any other product, Nava said. In 2014, more than half of the Chrome bugs discovered by outside researchers were found in beta versions of the browser.

“We were able to squash bugs before they could reach our main user population,” Nava said.

Still, the Ponemon survey showed IT professionals think browser-borne malware is getting worse, not better. Nearly 70 percent said it was “a more significant threat today than 12 months ago.”

Over three quarters thought it was certain or very likely their organization had an undetected infiltration from browser-based malware.